The ongoing fraud campaign is reported to be netting between US$3 and $5 million in fraudulent revenue per day. The operation was discovered in September 2016 and uses a massive botnet spoofing thousands of name-brand domains.
The attack focused on targets in Saudi Arabia and the malware used was programmed to wipe the hard disk of the infected computer. Legitimate credentials were used to spread the malware across the network and to start the destruction on November 17, 2016. The components used in the attack are similar to ones used in the original Shamoon attacks that were discovered in 2012.
The attacks targeted multiple financial institutions around the globe. The cyber criminals behind the attacks gained remote access to ATMs and removed the malware after cashing out, resulting in no trace of the transactions.
The DDoS attack against DNS provider Dyn is reported to be the largest to date, with an estimated load of 1.2 terabits per second. The attack took place on October 21, 2016 and was carried out by millions of IoT devices infected with the Mirai malware.
A modular cyber-espionage platform that uses customized techniques and tools to remain hidden. ProjectSauron is known to target multiple entities including government, research centers, military operations, telecommunication providers, and financial companies located around the world. The main focus of the attack campaign is to exfiltrate documents, keystrokes, and encryption keys.
The campaign was first discovered in late 2016 and targets multiple sectors located around the world. The threat actors behind the operation are known to use off-the-shelf tools such as Nmap, FreeRDP, NCat, and NPing.
The campaign targeted Korean military and strategy think tanks, a Uyghur news and discussion forum, a science and technology policy journal, and a website for evangelical students.